BugTraq (Page 6 of 1654)
[SECURITY] [DSA 3449-1] bind9 security update 2016-01-19
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3449-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
January 19, 2016

[security bulletin] HPSBGN03534 rev.1 - HPE Performance Center using Microsoft Report Viewer, Remote Disclosure of Information, Cross-Site Scripting (XSS) 2016-01-19
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04945270

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04945270
Version: 1

HPSBGN03534 r

Executable installers are vulnerable^WEVIL (case 21): Panda Security's installers allow arbitrary (remote) code execution AND escalation of privilege with PANDAIS16.exe 2016-01-19
Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll,

the executable installers PANDAIS16.exe, PANDAAP16.exe,
PANDAGL16.exe and PANDAGP16.exe available from
<www.pandasecurity.com> load and execute (at least) UXTheme.dll,
RichEd20.dll and RichEd32.dll from their "application directory".

For software downloaded with a web browser the applicati

[CORE-2016-0001] - Intel Driver Update Utility MiTM 2016-01-19
CORE Advisories Team (advisories coresecurity com)
1. Advisory Information

Title: Intel Driver Update Utility MiTM
Advisory ID: CORE-2016-0001
Advisory URL: http://www.coresecurity.com/advisories/intel-driver-update-utility-mitm
Date published: 2016-01-19
Date of last update: 2016-01-14
Vendors contacted: Intel
Release mode: Coordinated release

2.

Quick Cart v6.6 XSS Vulnerability 2016-01-19
Rahul Pratap Singh (techno rps gmail com)
## FULL DISCLOSURE

#Product : Quick Cart
#Exploit Author : Rahul Pratap Singh
#Version : 6.6
#Home page Link : http://opensolution.org/home.html
#Website : 0x62626262.wordpress.com
#Linkedin : https://in.linkedin.com/in/rahulpratapsingh94
#Date : 19/Jan/2016

XSS Vulnerability:

[SECURITY] [DSA 3448-1] linux security update 2016-01-19
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3448-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
January 19, 2016

Quick CMS v 6.1 XSS Vulnerability 2016-01-19
Rahul Pratap Singh (techno rps gmail com)
## FULL DISCLOSURE

#Product : Quick CMS
#Exploit Author : Rahul Pratap Singh
#Version : 6.1
#Home page Link : http://opensolution.org/home.html
#Website : 0x62626262.wordpress.com
#Linkedin : https://in.linkedin.com/in/rahulpratapsingh94
#Date : 19/Jan/2016

XSS Vulnerability:

-

Advanced Electron Forum v1.0.9 RFI / CSRF 2016-01-18
hyp3rlinx lycos com
[+] Credits: hyp3rlinx

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/AEF-RFI.txt

Vendor:
=============================
www.anelectron.com/downloads/

Product:
================================
Advanced Electron Forum v1.0.9 (AEF)
Exploit patched

Advanced Electron Forum v1.0.9 Persistent XSS 2016-01-18
hyp3rlinx lycos com
[+] Credits: hyp3rlinx

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/AEF-XSS.txt

Vendor:
=============================
www.anelectron.com/downloads/

Product:
====================================
Advanced Electron Forum v1.0.9 (AEF)
Exploit patc

Advanced Electron Forum v1.0.9 CSRF 2016-01-18
hyp3rlinx lycos com
[+] Credits: hyp3rlinx

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/AEF-CSRF.txt

Vendor:
=============================
www.anelectron.com/downloads/

Product:
====================================
Advanced Electron Forum v1.0.9 (AEF)
Exploit pat

[SECURITY] [DSA 3447-1] tomcat7 security update 2016-01-17
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3447-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
January 17, 2016

[CVE-2016-1919] Weak eCryptFS Key generation from user password on KNOX 1.0 / Android 4.3 2016-01-16
urikanonov gmail com
Subject: [CVE-2016-1919] Weak eCryptFS Key generation from user password on KNOX 1.0 / Android 4.3

Vulnerability Description
=========================
The vulnerability allows disclosure of Data-at-Rest of Samsung KNOX 1.0 containers.

KNOX container data is encrypted using eCryptFS containers. T

[CVE-2016-1920] VPN Man-in-the-Middle due to shared certificate store on KNOX 1.0 / Android 4.3 2016-01-16
urikanonov gmail com
Subject: [CVE-2016-1920] VPN Man-in-the-Middle due to shared certificate store on KNOX 1.0 / Android 4.3

Vulnerability Description
=========================
The vulnerability allows disclosure of Data-in-Motion of Samsung KNOX 1.0 containers.

In KNOX 1.0.0 the applications inside the container us

[KIS-2016-01] CakePHP <= 3.2.0 "_method" CSRF Protection Bypass Vulnerability 2016-01-15
Egidio Romano (research karmainsecurity com)
---------------------------------------------------------------
CakePHP <= 3.2.0 "_method" CSRF Protection Bypass Vulnerability
---------------------------------------------------------------

[-] Software Link:

http://cakephp.org

[-] Affected Versions:

Version 3.2.0 RC1 and prior 3.x versions.

Defense in depth -- the Microsoft way (part 38): does Microsoft follow their own security guidance/advisories? 2016-01-15
Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll,

in 2009/2010, after being hit by "carpet bombing" and "binary
planting" alias "DLL hijacking/spoofing/preloading" (see
<https://blogs.technet.com/b/srd/archive/2009/04/14/ms09-014-addressing-the-safari-carpet-bomb-vulnerability.aspx>
and <https://technet.microsoft.com/en-us/library/2269637

Executable installers are vulnerable^WEVIL (case 22): python.org's executable installers allow arbitrary (remote) code execution 2016-01-15
Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll,

the executable installers python-3.5.1-webinstall.exe and
python-3.5.1.exe available on
<https://www.python.org/downloads/windows/> load and execute
multiple DLLs from their "application directory".

For software downloaded with a web browser the application
directory is typically the user

[slackware-security] openssh (SSA:2016-014-01) 2016-01-15
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] openssh (SSA:2016-014-01)

New openssh packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
and -current to fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+

FreeBSD Security Advisory FreeBSD-SA-16:07.openssh 2016-01-15
FreeBSD Security Advisories (security-advisories freebsd org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

=============================================================================
FreeBSD-SA-16:07.openssh Security Advisory
The FreeBSD Project

Topic:

FreeBSD bsnmpd information disclosure 2016-01-15
Pierre Kim (pierre kim sec gmail com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

## Advisory Information

Title: FreeBSD bsnmpd information disclosure
Advisory URL: https://pierrekim.github.io/advisories/CVE-2015-5677-freebsd-bsnmpd.txt
Blog URL: https://pierrekim.github.io/blog/2016-01-15-cve-2015-5677-freebsd-bsnmpd.html
Date pu

Cisco Security Advisory: Cisco Wireless LAN Controller Unauthorized Access Vulnerability 2016-01-13
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Cisco Security Advisory: Cisco Wireless LAN Controller Unauthorized Access Vulnerability

Advisory ID: cisco-sa-20160113-wlc

Revision: 1.0

For Public Release 2016 January 13 16:00 GMT

+-------------------------------------------------------------

FreeBSD Security Advisory FreeBSD-SA-16:05.tcp 2016-01-14
FreeBSD Security Advisories (security-advisories freebsd org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

=============================================================================
FreeBSD-SA-16:05.tcp Security Advisory
The FreeBSD Project

Topic:

FreeBSD Security Advisory FreeBSD-SA-16:01.sctp 2016-01-14
FreeBSD Security Advisories (security-advisories freebsd org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

=============================================================================
FreeBSD-SA-16:01.sctp Security Advisory
The FreeBSD Project

Topic:

Cisco Security Advisory: Cisco Aironet 1800 Series Access Point Denial of Service Vulnerability 2016-01-13
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Aironet 1800 Series Access Point Denial of Service Vulnerability

Advisory ID: cisco-sa-20160113-aironet

Revision 1.0

For Public Release 2016 January 13 16:00 UTC (GMT)

+---------------------------------------------------------------------

Sum

[slackware-security] dhcp (SSA:2016-012-01) 2016-01-13
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] dhcp (SSA:2016-012-01)

New dhcp packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
and -current to fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patch

Remote Code Execution in Roundcube 2016-01-13
High-Tech Bridge Security Research (advisory htbridge ch)
Advisory ID: HTB23283
Product: Roundcube
Vendor: Roundcube.net
Vulnerable Version(s): 1.1.3 and probably prior
Tested Version: 1.1.3
Advisory Publication: December 21, 2015 [without technical details]
Vendor Notification: December 21, 2015
Vendor Patch: December 26, 2015
Public Disclosure: Janua

FreeBSD Security Advisory FreeBSD-SA-16:04.linux 2016-01-14
FreeBSD Security Advisories (security-advisories freebsd org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

=============================================================================
FreeBSD-SA-16:04.linux Security Advisory
The FreeBSD Project

Topic:

[security bulletin] HPSBUX03359 SSRT102094 rev.3 - HP-UX pppoec, local elevation of privilege 2016-01-13
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04718530

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04718530
Version: 3

HPSBUX03359 S

[SECURITY] [DSA 3444-1] wordpress security update 2016-01-13
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3444-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
January 13, 2016

Cisco Security Advisory: Cisco Aironet 1800 Series Access Point Default Static Account Credentials Vulnerability 2016-01-13
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Aironet 1800 Series Access Point Default Static Account Credentials Vulnerability

Advisory ID: cisco-sa-20160113-air

Revision 1.0

For Public Release 2016 January 13 16:00 UTC (GMT)

+-------------------------------------------------------------

[security bulletin] HPSBHF03535 rev.1 - HPE iMC OSS and iMC Plat running Adobe Flash, Multiple Remote Vulnerabilities 2016-01-13
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04939841

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04939841
Version: 1

HPSBHF03535 r

Copyright 2010, SecurityFocus